Hello Guest, if you read this, it means you are not registered. Click here to register a few simple steps,
you will enjoy all the features of our Forum. Please note that nicknames are prohibited lewd or meaningless (no numbers or letters at random) and introduce yourself in the section for you to meet our community.

XSS Vulnerability Affecting Multiple WordPress Plugins

Multiple WordPress Plugins are vulnerable to Cross-site Scripting (XSS) due to the misuse of the add_query_arg() and remove_query_arg() functions. These are popular functions used by developers to modify and add query strings to URLs within WordPress.

The official WordPress Official Documentation (Codex) for these functions was not very clear and misled many plugin developers to use them in an insecure way. The developers assumed that these functions would escape the user input for them, when it does not. This simple detail, caused many of the most popular plugins to be vulnerable to XSS.

Re: XSS Vulnerability Affecting Multiple WordPress Plugins

We urge our clients to update asap as this is a huge issue.

And please remember always create a backup before any major updates!
Also for webmasters who haven't the auto update function disable the update is already installed, you just need to make sure that your plugins are also updated!